comparison src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java @ 548:95a48e1f1a26 openid
Fix return_url handling and send params to client in header
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Fri, 27 Feb 2015 17:23:05 +0100 |
parents | f9f1edd30b33 |
children | fff43091ccc9 |
547:f9f1edd30b33 | 548:95a48e1f1a26 |
---|---|
164 HttpServletRequest hReq = (HttpServletRequest) req; | 164 HttpServletRequest hReq = (HttpServletRequest) req; |
165 /* First check if the header is provided at all */ | 165 /* First check if the header is provided at all */ |
166 String oidParamString = hReq.getHeader(oidHeader); | 166 String oidParamString = hReq.getHeader(oidHeader); |
167 | 167 |
168 if (oidParamString == null) { | 168 if (oidParamString == null) { |
169 logger.debug("Header " + oidHeader + " not provided."); | 169 logger.debug("Header " + oidHeader + " not provided. Trying params."); |
170 } else { | |
171 logger.debug("Trying to verify query."); | |
172 oidParamString = hReq.getQueryString(); | 170 oidParamString = hReq.getQueryString(); |
173 } | 171 } |
174 | 172 |
175 /* Parse the parameters to a map for openid4j */ | 173 /* Parse the parameters to a map for openid4j */ |
176 ParameterList oidParams = splitParams(oidParamString); | 174 ParameterList oidParams = splitParams(oidParamString); |
179 } | 177 } |
180 | 178 |
181 /* Verify against the discovered server. */ | 179 /* Verify against the discovered server. */ |
182 VerificationResult verification = null; | 180 VerificationResult verification = null; |
183 /* extract the receiving URL from the HTTP request */ | 181 /* extract the receiving URL from the HTTP request */ |
184 StringBuffer receivingURL = hReq.getRequestURL(); | 182 String receivingURL = hReq.getRequestURL().toString(); |
185 String queryString = hReq.getQueryString(); | 183 |
186 if (queryString != null && queryString.length() > 0) | 184 if (!receivingURL.contains("?is_return=true&")) { |
187 receivingURL.append("?").append(hReq.getQueryString()); | 185 receivingURL += "?is_return=true&"; |
186 } | |
187 /* XXX this is broken and does not work as that information only | |
188 * authenticates this Return url and not any other URL. We have | |
189 * to change this. */ | |
190 receivingURL.replace("localhost", "127.0.0.1"); | |
188 | 191 |
189 try { | 192 try { |
190 verification = manager.verify(receivingURL.toString(), oidParams, | 193 verification = manager.verify(receivingURL.toString(), oidParams, |
191 discovered); | 194 discovered); |
192 } catch (MessageException e) { | 195 } catch (MessageException e) { |
250 | 253 |
251 @Override | 254 @Override |
252 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) | 255 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) |
253 throws IOException, ServletException | 256 throws IOException, ServletException |
254 { | 257 { |
258 HttpServletRequest hReq = (HttpServletRequest) req; | |
259 HttpServletResponse hResp = (HttpServletResponse) resp; | |
255 if (!discoveryDone) { | 260 if (!discoveryDone) { |
256 discoveryDone = discoverServer(); | 261 discoveryDone = discoverServer(); |
257 } | 262 } |
258 if (discoveryDone && checkOpenIDHeader(req)) { | 263 if (discoveryDone && checkOpenIDHeader(req)) { |
259 /** Successfully authenticated. */ | 264 /** Successfully authenticated. */ |
265 hResp.addHeader(oidHeader, hReq.getQueryString().replace( | |
266 "is_return=true","")); | |
260 chain.doFilter(req, resp); | 267 chain.doFilter(req, resp); |
261 return; | 268 return; |
262 } | 269 } |
263 String authRequestURL = "Error communicating with openid server"; | 270 String authRequestURL = "Error communicating with openid server"; |
264 if (discoveryDone) { | 271 if (discoveryDone) { |
265 /* Get the authentication url for this server. */ | 272 /* Get the authentication url for this server. */ |
266 try { | 273 try { |
267 HttpServletRequest hReq = (HttpServletRequest) req; | |
268 String returnToUrl = hReq.getRequestURL().toString() | 274 String returnToUrl = hReq.getRequestURL().toString() |
269 + "?is_return=true"; | 275 + "?is_return=true"; |
270 AuthRequest authReq = manager.authenticate(discovered, | 276 AuthRequest authReq = manager.authenticate(discovered, |
271 returnToUrl); | 277 returnToUrl); |
272 authRequestURL = authReq.getDestinationUrl(true); | 278 authRequestURL = authReq.getDestinationUrl(true); |
276 } catch (ConsumerException e) { | 282 } catch (ConsumerException e) { |
277 logger.debug("Error in consumer manager: " + | 283 logger.debug("Error in consumer manager: " + |
278 e.getMessage()); | 284 e.getMessage()); |
279 } | 285 } |
280 } | 286 } |
281 ((HttpServletResponse) resp).sendError(401, "{\"success\":false,\"message\":\"699\",\"data\":" + | 287 hResp.sendError(401, "{\"success\":false,\"message\":\"699\",\"data\":" + |
282 "\"" + authRequestURL + "\",\"errors\":{},\"warnings\":{}," + | 288 "\"" + authRequestURL + "\",\"errors\":{},\"warnings\":{}," + |
283 "\"readonly\":false,\"totalCount\":0}"); | 289 "\"readonly\":false,\"totalCount\":0}"); |
284 } | 290 } |
285 @Override | 291 @Override |
286 public void destroy() | 292 public void destroy() |
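Review bot: In doFilter, new line 265 calls `hReq.getQueryString().replace("is_return=true","")` unconditionally, but checkOpenIDHeader (new lines 166-170) only falls back to the query string when the `oidHeader` header is absent, so a request that authenticates via the header and carries no query string dereferences null here and fails after verification has already succeeded. A guard such as `String qs = hReq.getQueryString();` followed by `hResp.addHeader(oidHeader, qs == null ? "" : qs.replace("is_return=true", ""));` avoids that (whether to send an empty header or none at all when the params arrived in the header is a design choice to document). The header value is reflected verbatim from the request, so it is worth confirming the servlet container rejects CR/LF in header values before relying on it. Separately, in checkOpenIDHeader new line 190 discards the return value of `String.replace`, so `receivingURL.replace("localhost", "127.0.0.1");` is a no-op given the `String` declaration at line 182; if the host rewrite is really intended it has to be `receivingURL = receivingURL.replace("localhost", "127.0.0.1");`, although rewriting the host of the URL handed to `manager.verify` presumably loosens the return_to comparison, so dropping the line may be the safer choice. checkOpenIDHeader's signature lies outside the hunk and its body continues past the shown catch.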